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LINK-LOCK DEVICE AND METHOD OF MONITORING AND 
CONTROLLING A LINK FOR FAILURES AND INTRUSIONS 

TECHNICAL FIELD 

This invention relates to securing information across 
networks, and more particularly to monitoring and 
controlling a link between a network device and a computer 
for failures or intrusions. 

BACKGROUND 

The client/server model is often used to deliver 
information across a network. In this model, a client 
computer connects to a server on which information resides. 
The client computer may request the services of the server, 
such as delivering information. Other services may include 
searching for and sending back information, such as when a 
database on a network is queried. 

A conceptual diagram of a computer network 100, such 
as the Internet, is illustrated in FIG. 1. The network 100 
may comprise small computers 102-114 and large computers 
120, 122, commonly used as servers. In general, small 
computers 102-114 are "personal computers" or workstations 
and are the sites at which a user operates the computer to 
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make requests for data from other computers or servers on 
the network 100. 

A connection to the network 100 may be made through a 
network device 130-136 that provides an interface between 
the requesting computer (i.e. client) and the network 
infrastructure 140. The network device 130-136 may also be 
used to provide an interface between the network 
infrastructure 140 and the server 120, 122. The interface 
between the client 102-114, the server 120-122, and the 
network infrastructure 140 may be defined by a protocol 
referred to as the Hypertext Transfer Protocol (HTTP) . The 
HTTP is the language that Web clients and servers use to 
communicate with each other. A secure version of this 
protocol, HTTP-S, is often used to provide communication 
between the network infrastructure 140 and the network 
device 130-136. However, the link between the network 
device 130-136 and the server 120-122, or the network 
device 130-136 and the small computer 102-114, is often 
configured in a non-secured mode. 
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DESCRIPTION OF DRAWINGS 

These and other features and advantages of the invention 
will become more apparent upon reading the following detailed 
description and upon reference to the accompanying drawings. 
5 Figure 1 is conceptual diagram of a computer network. 

Figure 2 is a block diagram of a network system 
including a link lock system. 

Figure 3 is a block diagram of a link lock system in 
accordance with an embodiment of the present disclosure. 
io FIG. 4 illustrates a method for monitoring and 

controlling a link for failures or intrusions according to 
an embodiment . 



DETAILED DESCRIPTION 

is The present disclosure includes a link-lock system 

coupled to the network device to monitor and control the 
security mode of a link between the network device and the 
server or the client. The security mode of the link may be 
controlled in accordance with the status of the link. For 

20 example, if a link failure or intrusion is detected, the 

security mode of the link is maintained in a secured state 
rather than converted into a non-secured state. 
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An embodiment of a network 2 00 having the link- lock 
system 206 is illustrated in FIG. 2. The network 200 
includes a network interface device 204 configured to 
interface with the network infrastructure 2 01 through a link 
s 202 operating in a secured protocol (e.g. HTTP-S) . The 
HTTP-S provides a variety of security mechanisms to HTTP 
clients and servers, providing the security service options 
appropriate to wide range of potential end uses. 

The network 200 further includes a link-lock system 206 

10 coupled to the network interface device 204. The link-lock 
system 206 monitors security status of the link 208 between 
the network interface device 2 06 and a computer used to 
connect to the network, such as the server or the client 
210. In the illustrated embodiment of FIG. 2, when the 

is link-lock system 206 determines that a link failure or 

intrusion is detected, the security protocol of the link 208 
is maintained in an HTTP-S mode rather than converted into 
an HTTP mode. The link failure or intrusion may include 
physical tampering or alteration of any part of the link 208 

20 between the network interface device 2 04 and the 

server/client 210. The failure or intrusion may also 
include software attack or modification of the link 2 08 from 
external sources . 

A block diagram of the link-lock system 206 in 

25 accordance with an embodiment of the present disclosure is 
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shown in FIG. 3. The link-lock system 206 includes a bus 
monitor 300, a security switch 302, an encryption/decryption 
element 304, and a controller 306. The link-lock system 206 
may also maintain a protocol encryption element 3 08 on the 
5 server/client 210. 

The security switch 3 02 receives data from the network 
interface device 204 or the server/client 210. In the 
illustrated embodiment, the security switch 3 02 commands the 
encryption/decryption element 3 04 to convert the received 

10 data from a secured protocol to a non- secured protocol, when 
the data is received from a network link 310 and is placed 
onto the link 208. The security switch 302 may command the 
encryption/decryption element 304 to convert the received 
data from a non- secured protocol to a secured protocol, when 

is the data is received from the link 208 and is placed onto 
the network link 310. The converted data is then sent to 
the server/client 210 or the network interface device 204 
using an appropriate protocol. 

The bus monitor 300 monitors the link 208 for possible 

20 link failure or intrusion. When a link failure or intrusion 
is detected on the link 208, the bus monitor 300 notifies 
the controller 306. The controller 3 06, upon receipt of the 
link failure, directs the security switch 302 to keep the 
link 2 08 in a secured protocol mode. The controller 3 06 may 

25 also direct the protocol encryption element 3 08 in the 
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server/client 210 to convert the data being placed on the 
link 208 using a secured protocol. In some embodiments, the 
functions of the security switch 3 02, the bus monitor 3 00, 
and the controller 3 06 may be combined into a single 
s element . 

FIG. 4 illustrates a method for monitoring and 
controlling a link for failures or intrusions. The method 
includes monitoring the link between a network device and a 
server/client, at 400. When failures or intrusions are 
10 detected on the link, at 402, the link is directed to use a 
secured protocol at 404. Data sent across this link remains 
in a secured protocol mode until a network manager 
determines that the failures or intrusions have been 
corrected at 406. 

15 Numerous variations and modifications of the invention 

will become readily apparent to those skilled in the art. 
Accordingly, the invention may be embodied in other 
specific forms without departing from its spirit or 
essential characteristics . 
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WHAT IS CLAIMED IS: 

1- A link lock system for a network, comprising: 
a computer; 

a network interface device to provide the computer with 
access to the network; 

a bus monitor to monitor a first link between the 
network interface device and the computer, where said bus 
monitor reports detected failures or intrusions; and 

a security switch to switch the first link from a non- 
secured mode to a secured mode when a report of said 
detected failures or intrusions is received from the bus 
monitor . 

2. The system of claim 1, wherein said computer is a 
server . 

3. The system of claim 1, wherein the network 
operates in a secured mode using an HTTP-S protocol. 

4. The system of claim 1, wherein said non- secured 
mode of the first link between the network device and the 
computer uses HTTP protocol . 
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1 5. The system of claim 4, wherein said secured mode 

2 of the first link between the network device and the 

3 computer uses HTTP-S protocol. 

1 6. The system of claim 1, further comprising: 

2 a controller that receives the report from the bus 

3 monitor and sends control signals to the network interface 

4 device, the security switch, and the computer. 

1 7. The system of claim 6, further comprising: 

2 an encryption element in the computer, where said 

3 encryption element converts data placed on said first link 

4 to a secured protocol when the control signal is received 

5 from said controller. 

1 8. A system for a server, comprising: 

2 an interface device to provide the server with access 

3 to a network; and 

4 a controller to monitor a link between the interface 

5 device and the server, where said controller switches the 

6 link from a non-secured protocol to a secured protocol when 

7 failures or intrusions are detected on the link. 
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1 9. The system of claim 8, wherein the network is 

2 Internet, such that the non-secured protocol includes HTTP 

3 and the secured protocol includes HTTP-S. 

1 10. The system of claim 8, wherein said controller 

2 sends a control signal to the server when failures or 

3 intrusions are detected on the link. 

1 11. The system of claim 10, further comprising: 

2 an encryption element in the server, where said 

3 encryption element converts data placed on said link by the 

4 server to a secured protocol when the control signal is 

5 received from said controller. 

1 12. A method, comprising: 

2 monitoring a link between a network device and a 

3 computer; 

4 first directing the link to use a secured protocol when 

5 failures or intrusions are detected on the link; and 

6 second directing the link to revert to a non- secured 

7 protocol when said detected failures or intrusions have been 

8 corrected. 

1 13. The method of claim 12, wherein said non-secured 

2 protocol includes HTTP protocol. 
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1 14. The method of claim 12, wherein said secured 

2 protocol includes HTTP-S protocol. 

1 15. The method of claim 12, wherein the computer is a 

2 server. 

1 16. An apparatus comprising a machine-readable storage 

2 medium having executable instructions that enable the 

3 machine to : 

4 monitor a link between a network device and a server; 

5 first directing the link to use a secured protocol when 

6 failures or intrusions are detected on the link; and 

7 second directing the link to revert to a non- secured 

8 protocol when said detected failures or intrusions have been 

9 corrected. 

1 17. The apparatus of claim 16, wherein said non- 

2 secured protocol includes HTTP protocol. 

1 18. The apparatus of claim 16, wherein said secured 

2 protocol includes HTTP-S protocol. 
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ABSTRACT 

A link lock system for a network is disclosed. The 
system includes a computer, a network interface device, a bus 
monitor, and a security switch. The network interface device 
provides the computer with access to the network. The bus 
monitor monitors a link between the network interface device 
and the computer. The bus monitor reports detected failures 
or intrusions. The security switch switches the link from a 
non- secured mode to a secured mode when a report of said 
detected failures or intrusions is received from the bus 
monitor. 
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